On Wed, 2017-01-11 at 03:13 +0000, Salz, Rich wrote:
> The needs for OpenSSL's LHASH are exactly what SipHash was designed
> for: fast on short strings.
> OpenSSL's hash currently *does not* call MD5 or SHA1; the MD5 code is
> commented out.
> Yes, performance tests would greatly inform the decision.

+1

Is there really no use of LHASH tables in OpenSSL where an attacker
attempting a DoS attack can control the contents of the tables? If you
are reasonably sure that there is no such occurrence or that the number
of entries an attacker can insert into such a table is severely limited
by other means, then perhaps it really makes no sense to replace the
existing algorithm. But we need to know this first.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)